Skip to content

Instantly share code, notes, and snippets.

@derblub
Forked from cadavor/TrueNas12.xSetup.md
Created July 24, 2022 10:18
Show Gist options
  • Save derblub/a6fcb3d346979ef8c0e651ee0c74d6c2 to your computer and use it in GitHub Desktop.
Save derblub/a6fcb3d346979ef8c0e651ee0c74d6c2 to your computer and use it in GitHub Desktop.
Ultimate TrueNas 12 Setup Guide

TrueNAS 12.x

WARNING READ THIS: This page contains incomplete and possibly incorrect info. The page is constantly being edited and worked on. Many of these should work but some may be broken. Read the code carefully to understand what you are doing, stuff may be need to be changed for your own use. These include but are not limited too JAIL AND ROUTER IPs, YOUR FREENAS MAIN VOLUME,THE MOST RECENT RELEASE OF DOWNLOADED FILES. Use at your own risk.

Thanks to the creator of this guide https://forums.freenas.org/index.php?resources/fn11-1-iocage-jails-plex-tautulli-sonarr-radarr-lidarr-jackett-ombi-transmission-organizr.58/

Setup Structure

myVol > -media > -series
                 -movies
                 -musics
                 -cloud
                 -downloads > -complete > -radarr
                                          -sonarr
                                          -lidarr
        -apps > -plex
                -sonarr
                -radarr
                -lidarr
                -transmission
                -jackett
                -tautulli
                -shinobi
                -nextcloud > -config
                             -db
                             -themes
                -duplicati

I have pool named myVol. I created a dataset named "media" owned by the default freenas user media:media. The dataset contains the folders series,movies,downloads. Radarr, Sonarr, Lidarr, Transmission will need to run as the user media:media to have access to them, this is very important and should not be overlooked. I also have a dataset named "apps" with one folder by appication to hold the config data.

Permissions

For Sonarr, Radarr, Lidarr, Transmission you will have to change the default user to media:media so the jails can work together properly.

Use the name of your plugin instead of PLUGIN

service PLUGIN onestop
chown -R media:media /usr/local/PLUGIN (this location might be different for some of the apps)
sysrc 'PLUGIN_user=media'
sysrc 'PLUGIN_group=media'
service PLUGIN start

My current setup (dates show the last successful test):

Configuration:

Plex (or PlexPass)

# Create the jail (through Truenas UI or by command)
iocage create -n "plex" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on" 

# Install Plex and dependencies
iocage exec plex pkg install -y plexmediaserver
# or plexmediaserver-plexpass for PlexPass

# Mount storage
iocage exec plex "mkdir -p /config"
iocage fstab -a plex /mnt/myVol/apps/plex /config nullfs rw 0 0
iocage fstab -a plex /mnt/myVol/media /mnt/media nullfs ro 0 0

# Set permissions
iocage exec plex chown -R plex:plex /config

# Enable service
iocage exec plex sysrc "plexmediaserver_enable=YES"
iocage exec plex sysrc plexmediaserver_support_path="/config"
iocage exec plex service plexmediaserver start
# or for PlexPass
iocage exec plex sysrc "plexmediaserver_plexpass_enable=YES"
iocage exec plex sysrc plexmediaserver_plexpass_support_path="/config"
iocage exec plex service plexmediaserver-plexpass start

Transmission

iocage create -n "transmission" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on"

iocage exec transmission pkg install -y transmission

iocage exec transmission mkdir -p /config/transmission-home
iocage exec transmission mkdir -p  /mnt/downloads
iocage fstab -a transmission /mnt/myVol/apps/transmission /config nullfs rw 0 0
iocage fstab -a transmission /mnt/myVol/media/downloads /mnt/downloads nullfs rw 0 0

iocage exec transmission sysrc "transmission_enable=YES"
iocage exec transmission sysrc "transmission_conf_dir=/config/transmission-home"
iocage exec transmission sysrc "transmission_download_dir=/mnt/downloads/complete"

iocage exec transmission "pw user add media -c media -u 8675309 -d /nonexistent -s /usr/bin/nologin"
iocage exec transmission "pw groupadd -n media -g 8675309"
iocage exec transmission "pw groupmod media -m transmission"
iocage exec transmission  chown -R media:media /config/transmission-home
iocage exec transmission  chown -R media:media /mnt/downloads
iocage exec transmission  sysrc 'transmission_user=media'

iocage exec transmission service transmission start
 
# you may need to change the white list in /config/transmission-home/settings.json to 0.0.0.0 or set to your preferred settings

Deluge (not working 2020-11-14)

iocage create -n "deluge" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on"

iocage exec deluge pkg install -y deluge

iocage exec deluge mkdir -p /mnt/config
iocage exec deluge mkdir -p /mnt/downloads
iocage fstab -a deluge /mnt/myVol/apps/deluge /mnt/config nullfs rw 0 0
iocage fstab -a deluge /mnt/myVol/media/downloads /mnt/downloads nullfs rw 0 0

iocage exec deluge "pw user add media -c media -u 8675309 -d /nonexistent -s /usr/bin/nologin"
iocage exec deluge "pw user add deluge -c deluge -d /home/deluge -m -G media -s /usr/bin/nologin"
iocage exec deluge chown -R media:media /mnt/config
iocage exec deluge chown -R media:media /mnt/downloads

iocage exec deluge sysrc "deluged_enable=YES"
iocage exec deluge sysrc "deluged_confdir=/mnt/config"
iocage exec deluge sysrc "deluged_user=deluge"
iocage exec deluge sysrc "deluge_web_enable=YES"
iocage exec deluge sysrc "deluge_web_confdir=/mnt/config"
iocage exec deluge sysrc "deluge_web_user=deluge"

iocage exec deluge service deluged start
iocage exec deluge service deluge_web start
 
# if you get an error on get_localhost_auth, you may need to add auth manually to /mnt/config/auth file with
# iocage exec deluge echo "localclient:a7bef72a890:10" >> /mnt/config/auth
# default password is "deluge"

Sonarr V3

09/19/2019 : ATTENTION last version of Sonarr supporting mono 5.10 is v3.0.2.572. Next version need mono 5.16 mini (5.20 atm) While no new ports or pkg of mono will be available on Freebsd stay on v3.0.2.572 or upgrade manually mono (see below Mono 6.8)

iocage create -n "sonarr" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on" 

# install pkgs
iocage exec sonarr pkg install -y mono mediainfo sqlite3 curl
# mount storage
iocage exec sonarr mkdir -p /config
iocage exec sonarr mkdir -p /mnt/downloads
iocage exec sonarr mkdir -p /mnt/series
iocage fstab -a sonarr /mnt/myVol/apps/sonarr /config nullfs rw 0 0
iocage fstab -a sonarr /mnt/myVol/media/downloads /mnt/downloads nullfs rw 0 0
iocage fstab -a sonarr /mnt/myVol/media/series /mnt/series nullfs rw 0 0

# download sonarr
iocage exec sonarr ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec sonarr "fetch http://services.sonarr.tv/v1/download/phantom/latest?version=3&os=linux -o /usr/local/share"
iocage exec sonarr "tar -xzvf /usr/local/share/Sonarr.phantom.3.0.2.572.linux.tar.gz -C /usr/local/share"
iocage exec sonarr rm /usr/local/share/Sonarr.phantom.3.0.2.572.linux.tar.gz

# Media Permissions
iocage exec sonarr "pw user add media -c media -u 8675309 -d /nonexistent -s /usr/bin/nologin"
iocage exec sonarr "pw groupadd -n media -g 8675309"
iocage exec sonarr "pw groupmod media -m sonarr"
iocage exec sonarr chown -R media:media /usr/local/share/Sonarr /config
iocage exec sonarr  sysrc 'sonarr_user=media'

# create rc.d
iocage exec sonarr mkdir /usr/local/etc/rc.d
iocage exec sonarr "ee /usr/local/etc/rc.d/sonarr"
# use rc.d below
CLICK TO SHOW SONARR rc.d

#!/bin/sh

# $FreeBSD$
#
# PROVIDE: sonarr
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# sonarr_enable: Set to YES to enable sonarr
# Default: NO
# sonarr_user: The user account used to run the sonarr daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run as root.
# Default: media
# sonarr_group: The group account used to run the sonarr daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run with group wheel.
# Default: media
# sonarr_data_dir: Directory where sonarr configuration
# data is stored.
# Default: /var/db/sonarr

. /etc/rc.subr
name=sonarr
rcvar=${name}_enable
load_rc_config $name

: ${sonarr_enable:="NO"}
: ${sonarr_user:="media"}
: ${sonarr_group:="media"}
: ${sonarr_data_dir:="/config"}

pidfile="${sonarr_data_dir}/${name}.pid"
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-f ${procname} /usr/local/share/Sonarr/Sonarr.exe --data=${sonarr_data_dir} --nobrowser"

start_precmd=sonarr_precmd
sonarr_precmd() {
if [ ! -d ${sonarr_data_dir} ]; then
install -d -o ${sonarr_user} -g ${sonarr_group} ${sonarr_data_dir}
fi

export XDG_CONFIG_HOME=${sonarr_data_dir}
}

run_rc_command "$1"

iocage exec sonarr chmod u+x /usr/local/etc/rc.d/sonarr
iocage exec sonarr sysrc "sonarr_enable=YES"
iocage exec sonarr service sonarr start

Radarr v3

09/19/2019 : ATTENTION last version of Radarr supporting mono 5.10 is v0.2.0.x. Next version (v3) need mono 5.16 mini (5.20 atm) While no new ports or pkg of mono will be available on Freebsd stay on v0.2.0.x or upgrade manually mono (see below)

iocage create -n "radarr" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on"

# Install pkgs
iocage exec radarr pkg install -y mono mediainfo sqlite3 curl

iocage exec radarr mkdir -p /config
iocage exec radarr mkdir -p /mnt/downloads
iocage exec radarr mkdir -p /mnt/movies
iocage fstab -a radarr /mnt/myVol/apps/radarr /config nullfs rw 0 0
iocage fstab -a radarr /mnt/myVol/media/downloads /mnt/downloads nullfs rw 0 0
iocage fstab -a radarr /mnt/myVol/media/movies /mnt/movies nullfs rw 0 0

iocage exec radarr ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec radarr "fetch https://github.com/Radarr/Radarr/releases/download/3.0.0.4204/Radarr.master.3.0.0.4204.linux.tar.gz -o /usr/local/share"
iocage exec radarr "tar -xzvf /usr/local/share/Radarr.master.3.0.0.4204.linux.tar.gz -C /usr/local/share"
iocage exec radarr rm /usr/local/share/Radarr.master.3.0.0.4204.linux.tar.gz

# Media Permissions
iocage exec radarr "pw user add radarr -c radarr -u 352 -d /nonexistent -s /usr/bin/nologin"

iocage exec radarr "pw user add media -c media -u 8675309 -d /nonexistent -s /usr/bin/nologin"
iocage exec radarr "pw groupadd -n media -g 8675309"
iocage exec radarr "pw groupmod media -m radarr"
iocage exec radarr chown -R media:media /usr/local/share/Radarr /config
iocage exec radarr mkdir /usr/local/etc/rc.d
iocage exec radarr "ee /usr/local/etc/rc.d/radarr"
CLICK TO SHOW RADARR rc.d

#!/bin/sh

# $FreeBSD$
#
# PROVIDE: radarr
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# radarr_enable:    Set to YES to enable radarr
#            Default: NO
# radarr_user:    The user account used to run the radarr daemon.
#            This is optional, however do not specifically set this to an
#            empty string as this will cause the daemon to run as root.
#            Default: media
# radarr_group:    The group account used to run the radarr daemon.
#            This is optional, however do not specifically set this to an
#            empty string as this will cause the daemon to run with group wheel.
#            Default: media
# radarr_data_dir:    Directory where radarr configuration
#            data is stored.
#            Default: /var/db/radarr

. /etc/rc.subr
name=radarr
rcvar=${name}_enable
load_rc_config $name

: ${radarr_enable:="NO"}
: ${radarr_user:="media"}
: ${radarr_group:="media"}
: ${radarr_data_dir:="/config"}

pidfile="${radarr_data_dir}/${name}.pid"
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-f ${procname} /usr/local/share/Radarr/Radarr.exe --data=${radarr_data_dir} --nobrowser"

start_precmd=radarr_precmd
radarr_precmd() {
    if [ ! -d ${radarr_data_dir} ]; then
    install -d -o ${radarr_user} -g ${radarr_group} ${radarr_data_dir}
    fi

    export XDG_CONFIG_HOME=${radarr_data_dir}
}

run_rc_command "$1"

iocage exec radarr chmod u+x /usr/local/etc/rc.d/radarr
iocage exec radarr sysrc "radarr_enable=YES"
iocage exec radarr service radarr start

Lidarr

09/19/2019 : ATTENTION last version of Lidarr supporting mono 5.10 is v0.6.2.883. v0.7 and above need mono 5.16 mini (5.20 atm) While no new ports or pkg of mono will be available on Freebsd stay on v0.6.2.883 or upgrade manually mono (see below)

iocage create -n "lidarr" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on"

# Install pkgs
iocage exec lidarr pkg install -y mono mediainfo sqlite3 curl chromaprint

iocage exec lidarr mkdir -p /config
iocage exec lidarr mkdir -p /mnt/downloads
iocage exec lidarr mkdir -p /mnt/music
iocage fstab -a lidarr /mnt/myVol/apps/lidarr /config nullfs rw 0 0
iocage fstab -a lidarr /mnt/myVol/downloads /mnt/downloads nullfs rw 0 0
iocage fstab -a lidarr /mnt/myVol/media/music /mnt/music nullfs rw 0 0

iocage exec lidarr ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec lidarr "fetch https://github.com/lidarr/Lidarr/releases/download/v0.6.2.883/Lidarr.develop.0.6.2.883.linux.tar.gz -o /usr/local/share"
iocage exec lidarr "tar -xzvf /usr/local/share/Lidarr.develop.0.6.2.883.linux.tar.gz -C /usr/local/share"
iocage exec lidarr "rm /usr/local/share/Lidarr.develop.0.6.2.883.linux.tar.gz"
iocage exec lidarr "pw user add media -c media -u 8675309 -d /nonexistent -s /usr/bin/nologin"
iocage exec lidarr "pw groupadd -n media -g 8675309"
iocage exec lidarr "pw groupmod media -m lidarr"
iocage exec lidarr chown -R media:media /usr/local/share/Lidarr /config

iocage exec lidarr mkdir /usr/local/etc/rc.d
iocage exec lidarr "ee /usr/local/etc/rc.d/lidarr"
CLICK TO SHOW LIDARR rc.d

#!/bin/sh

# $FreeBSD$
#
# PROVIDE: lidarr
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable lidarr:
# lidarr_enable="YES"

. /etc/rc.subr
name=lidarr
rcvar=${name}_enable
load_rc_config $name

: ${lidarr_enable="NO"}
: ${lidarr_user:="media"}
: ${lidarr_group:="media"}
: ${lidarr_data_dir:="/config"}

pidfile="${lidarr_data_dir}/${name}.pid"
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-f ${procname} /usr/local/share/Lidarr/Lidarr.exe -- data=${lidarr_data_dir} --nobrowser"

start_precmd=lidarr_precmd
lidarr_precmd() {
    if [ ! -d ${lidarr_data_dir} ]; then
    install -d -o ${lidarr_user} -g ${lidarr_group} ${lidarr_data_dir}
    fi

    export XDG_CONFIG_HOME=${lidarr_data_dir}
}

run_rc_command "$1"

iocage exec lidarr chmod u+x /usr/local/etc/rc.d/lidarr
iocage exec lidarr sysrc "lidarr_enable=YES"
iocage exec lidarr service lidarr start

Organizr V2

#Note to self: Make sure port forwarding is disabled before removing or rebuilding this jail
iocage create -n "organizr" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on"

iocage exec organizr pkg install -y nginx git wget php74 php74-curl php74-pdo php74-sqlite3 php74-simplexml php74-zip php74-openssl php74-json php74-session php74-pdo_sqlite php74-filter

iocage exec organizr mkdir -p /config/nginx
iocage fstab -a organizr /mnt/myVol/apps/organizr /config nullfs rw 0 0

iocage console organizr
echo 'listen = /var/run/php-fpm.sock' >> /usr/local/etc/php-fpm.conf
echo 'listen.owner = www' >> /usr/local/etc/php-fpm.conf
echo 'listen.group = www' >> /usr/local/etc/php-fpm.conf
echo 'listen.mode = 0660' >> /usr/local/etc/php-fpm.conf
exit

iocage exec organizr cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
iocage exec organizr sed -i '' -e 's?;date.timezone =?date.timezone = "Universal"?g' /usr/local/etc/php.ini
iocage exec organizr sed -i '' -e 's?;cgi.fix_pathinfo=1?cgi.fix_pathinfo=0?g' /usr/local/etc/php.ini

iocage exec organizr git clone -b v2-develop https://github.com/causefx/Organizr /usr/local/www/Organizr
iocage exec organizr chown -R www:www /usr/local/www /config

# Enable autostart and Start service first
iocage exec organizr sysrc nginx_enable=YES
iocage exec organizr sysrc php_fpm_enable=YES
iocage exec organizr service nginx start
iocage exec organizr service php-fpm start

# Create or Replace NGinx Config file
iocage exec organizr ee /config/nginx/nginx.conf
CLICK TO SHOW NGINX.CONF

user www;
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name localhost;
        root /usr/local/www/Organizr;
        location / {
            index index.php index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/local/www/nginx-dist;
        }
        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            include fastcgi_params;
        }
        location /api/v2 {
            try_files $uri /api/v2/index.php$is_args$args;
        }
    }
}

# link my existing nginx config, you need to upload your own or edit the existing
iocage exec organizr service nginx stop
iocage exec organizr rm /usr/local/etc/nginx/nginx.conf
iocage exec organizr ln -s /config/nginx/nginx.conf /usr/local/etc/nginx/nginx.conf
iocage exec organizr service nginx start

#important step Navigate to http://JailIP and set the follow the setup database location to "/config/Organizr" and Organizr for the database name. If you have an existing config file in the database location once you complete the setup restart the jail and login with you existing credentials.

#note to self renable port forwarding

I keep folders in /config for nginx,log,letsencrypt,Backups

Jackett

iocage create -n "jackett" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on"

iocage exec jackett pkg install -y mono curl

iocage exec jackett mkdir -p /config
iocage fstab -a jackett /mnt/myVol/apps/jackett /config nullfs rw 0 0

iocage exec jackett ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec jackett "fetch https://github.com/Jackett/Jackett/releases/download/v0.10.531/Jackett.Binaries.Mono.tar.gz -o /usr/local/share"
iocage exec jackett "tar -xzvf /usr/local/share/Jackett.Binaries.Mono.tar.gz -C /usr/local/share"
iocage exec jackett rm /usr/local/share/Jackett.Binaries.Mono.tar.gz

iocage exec jackett "pw user add jackett -c jackett -u 818 -d /nonexistent -s /usr/bin/nologin"
iocage exec jackett chown -R jackett:jackett /usr/local/share/Jackett /config
iocage exec jackett mkdir /usr/local/etc/rc.d

ee /mnt/myVol/iocage/jails/jackett/root/usr/local/etc/rc.d/jackett
CLICK TO SHOW JACKETT rc.d

#!/bin/sh

# $FreeBSD$
#
# PROVIDE: jackett
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# jackett_enable:    Set to YES to enable jackett
#            Default: NO
# jackett_user:    The user account used to run the jackett daemon.
#            This is optional, however do not specifically set this to an
#            empty string as this will cause the daemon to run as root.
#            Default: media
# jackett_group:    The group account used to run the jackett daemon.
#            This is optional, however do not specifically set this to an
#            empty string as this will cause the daemon to run with group wheel.
#            Default: media
# jackett_data_dir:    Directory where jackett configuration
#            data is stored.
#            Default: /var/db/jackett

. /etc/rc.subr
name=jackett
rcvar=${name}_enable
load_rc_config $name

: ${jackett_enable:="NO"}
: ${jackett_user:="jackett"}
: ${jackett_group:="jackett"}
: ${jackett_data_dir:="/config"}

command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-p ${jackett_data_dir}/jackett.pid -f ${procname} /usr/local/share/Jackett/JackettConsole.exe -d ${jackett_data_dir}"

start_precmd=jackett_precmd
jackett_precmd() {
    export USER=${jackett_user}
    if [ ! -d ${jackett_data_dir} ]; then
    install -d -o ${jackett_user} -g ${jackett_group} ${jackett_data_dir}
    fi

    export XDG_CONFIG_HOME=${jackett_data_dir}
}

run_rc_command "$1"

iocage exec jackett chmod u+x /usr/local/etc/rc.d/jackett
iocage exec jackett sysrc "jackett_enable=YES"
iocage exec jackett service jackett start

Tautulli

iocage create -n "tautulli" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on"

iocage exec tautulli mkdir -p /config
iocage fstab -a tautulli /mnt/myVol/apps/tautulli /config nullfs rw 0 0

iocage exec tautulli pkg install -y python py38-setuptools py38-sqlite3 py38-openssl py38-pycryptodomex security/ca_root_nss git-lite nano
iocage exec tautulli git clone https://github.com/Tautulli/Tautulli.git /usr/local/share/Tautulli

iocage exec tautulli "pw user add tautulli -c tautulli -u 109 -d /nonexistent -s /usr/bin/nologin"
iocage exec tautulli chown -R tautulli:tautulli /usr/local/share/Tautulli /config
iocage exec tautulli cp /usr/local/share/Tautulli/init-scripts/init.freenas /usr/local/etc/rc.d/tautulli
iocage exec tautulli chmod u+x /usr/local/etc/rc.d/tautulli
iocage exec tautulli nano /usr/local/etc/rc.d/tautulli

Add command_interpreter="python" above the command line (line 41). Example:

command_interpreter="python"
command="${tautulli_dir}/Tautulli.py"
command_args="--daemon --pidfile ${tautulli_pid} --quiet --nolaunch ${tautulli_flags}"
iocage exec tautulli sysrc "tautulli_enable=YES"
iocage exec tautulli sysrc "tautulli_flags=--datadir /config"
iocage exec tautulli service tautulli start

If you get error like "bad magic numbers" on start :

iocage console tautulli
cd /usr/local/share/Tautulli/contrib
chown root clean_pyc.sh
chmod u+x clean_pyc.sh
./clean_pyc.sh

Validate with Enter key

chown tautulli clean_pyc.sh
chmod -x clean_pyc.sh
service tautulli start
exit

Shinobi

# Create the jail
iocage create -n "shinobi" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on" 

# Install Shinobi and dependencies
iocage exec shinobi pkg install -y git
iocage exec shinobi git clone https://gitlab.com/Shinobi-Systems/Shinobi.git Shinobi
iocage exec shinobi cd Shinobi
iocage exec shinobi chmod +x INSTALL/freenas.csh && INSTALL/freenas.csh

# Mount storage
iocage exec shinobi "mkdir -p /config"
iocage fstab -a shinobi /mnt/myVol/apps/shinobi /config nullfs rw 0 0

Nextcloud

https://www.samueldowling.com/2020/07/24/install-nextcloud-on-freenas-iocage-jail-with-hardened-security/

# Create "mysql" user
  Username: mysql
  Full Name: MySQL User
  User ID: 88
  New Primary Group: Checked
  Enable Password login: No

# Create zfs dataset
In apps/nextcloud, create 3 datasets
1)
  Name: db
  Compression Level: lz4
  Enable atime: Off
  Permissions : mysql/mysql
2) 
  Name: config
  Compression Level: lz4
  Enable atime: On
  Permissions : www/www
3) 
  Name: themes
  Compression Level: lz4
  Enable atime: On
  Permissions : www/www

# Create the jail
iocage create -n "nextcloud" -r LATEST dhcp=1 bpf=1 vnet=1 allow_raw_sockets="1" boot="on" 
iocage start nextcloud


# Mount storage
iocage exec nextcloud "mkdir -p /mnt/data"
iocage exec nextcloud "mkdir -p /var/db/mysql"
iocage exec nextcloud "mkdir -p /usr/local/www/nextcloud/config"
iocage exec nextcloud "mkdir -p /usr/local/www/nextcloud/themes"
iocage fstab -a nextcloud /mnt/myVol/media/cloud /mnt/data nullfs rw 0 0
iocage fstab -a nextcloud /mnt/myVol/apps/nextcloud/db /var/db/mysql nullfs rw 0 0
iocage fstab -a nextcloud /mnt/myVol/apps/nextcloud/config /usr/local/www/nextcloud/config nullfs rw 0 0
iocage fstab -a nextcloud /mnt/myVol/apps/nextcloud/themes /usr/local/www/nextcloud/themes nullfs rw 0 0

# Enable ZFS Cache for db dataset
zfs set primarycache=metadata myVol/apps/nextcloud/db

# Enter to jail console
iocage console nextcloud

# Install dependencies
pkg update
pkg install -y nano wget ca_root_nss apache24 mariadb105-server redis php74 php74-bz2 php74-ctype php74-curl php74-dom php74-exif php74-fileinfo php74-filter php74-gd php74-iconv php74-intl php74-json php74-ldap php74-mbstring php74-opcache php74-openssl php74-pdo php74-pdo_mysql php74-pecl-APCu php74-pecl-imagick php74-pecl-redis php74-posix php74-session php74-simplexml php74-xml php74-xmlreader php74-xmlwriter php74-xsl php74-zip php74-zlib php74-bcmath php74-gmp

# Install Nextcloud
cd /tmp
wget https://download.nextcloud.com/server/releases/latest.tar.bz2
wget https://download.nextcloud.com/server/releases/latest.tar.bz2.sha512
# Check integrity of downloaded file
shasum -a 512 -c latest.tar.bz2.sha512
# MUST say OK, else redownload files
tar -xf latest.tar.bz2 -C /usr/local/www
rm latest.tar.bz2
rm latest.tar.bz2.sha512
chown -R www:www /usr/local/www/nextcloud /mnt/data

# Edit MariaDB (mysql) config file
nano /usr/local/etc/mysql/my.cnf
# In file find
# socket  = /var/run/mysql/mysql.sock
# Change to
# socket  = /tmp/mysql.sock
# Save the file (Ctrl+X > Y > Enter)

# Start MariaDB and install for first run
service mysql-server start
mysql_secure_installation --socket=/tmp/mysql.sock
# Provide the following answers to the prompts:
# Enter current password for root (enter for none):
# Switch to unix_socket authentication [Y/n] y
# Set root password? [Y/n] y
# New password: Enter a new password of your choice (don’t forget it!)
# Re-enter new password: 
# Remove anonymous users? [Y/n] y
# Disallow root login remotely? [Y/n] y
# Remove test database and access to it? [Y/n] y
# Reload privilege tables now? [Y/n] y

# Login to database to create Nextcloud Database and User
mysql -u root -p
# Enter password previously configured
# In database prompt enter following commands
CREATE DATABASE nextcloud;
# Change "nextcloud_admin-password-here" to new password for "nextcloud_admin" database user (different of root password)
CREATE USER 'nextcloud_admin'@'localhost' IDENTIFIED BY 'nextcloud_admin-password-here';
GRANT ALL ON nextcloud.* TO 'nextcloud_admin'@'localhost';
FLUSH PRIVILEGES;
exit
# Check new user is ok by login to
mysql -u nextcloud_admin -p
# Enter password previously configured ("nextcloud_admin-password-here")
# if OK (go to SQL prompt >) 
exit

# Start services to configure them
service apache24 start
service php-fpm start

# Configure Apache
nano /usr/local/etc/apache24/httpd.conf
# Uncomment lines (in nano search with Ctrl+W)
LoadModule proxy_module libexec/apache24/mod_proxy.so
LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
# Change the following two lines
  DocumentRoot "/usr/local/www/apache24/data"
  <Directory "/usr/local/www/apache24/data">
# To
  DocumentRoot "/usr/local/www/nextcloud"
  <Directory "/usr/local/www/nextcloud">
# Change the following line
  AllowOverride none
# To
  AllowOverride all
# Change ServerName directive to
ServerName JAIL_IP:80
# Save and exit (Ctrl+X > Y > Enter)

# Configure Apache VirtualHost for Nextcloud
nano /usr/local/etc/apache24/Includes/nextcloud.conf
# Add the following content to the file:
<VirtualHost *:80>
    DocumentRoot "/usr/local/www/nextcloud"
    ServerName JAIL_IP
    <FilesMatch \.php$>
        SetHandler "proxy:fcgi://127.0.0.1:9000/"
    </FilesMatch>
    DirectoryIndex /index.php index.php
</VirtualHost>
# Restart Apache
service apache restart

# Configure PHP
cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
nano /usr/local/etc/php.ini
# Uncomment (by removing ; in front of line) and configure
cgi.fix_pathinfo=1
date.timezone=Europe/Paris
# See http://php.net/manual/en/timezones.php to select the right timezone
post_max_size = 1999M
upload_max_filesize = 1999M
memory_limit = 512M
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=16
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=60
# Save and exit (Ctrl+X > Y > Enter)

# Enable APCu Cache system
nano /usr/local/etc/php/ext-20-apcu.ini
# Add following lines :
apc.enabled=1
apc.enable_cli=1
# Save and exit (Ctrl+X > Y > Enter)

# Restart services
service php-fpm restart && service apache24 restart

# Now navigate to Nextcloud : JAIL_IP
# Set up your admin account with a username and password you choose, then populate the fields as follows:
  Data folder = /mnt/data
  Database user = nextcloud_admin
  Database password = nextcloud_admin-password_here (nextcloud_admin user password configured before)
  Database name = nextcloud
  Database host = localhost:/tmp/mysql.sock

service redis start

# Configure Redis
nano /usr/local/etc/redis.conf
# Uncomment (remove "#" in front of line) and change following parameters
port 0
unixsocket /var/run/redis/redis.sock
unixsocketperm 770
bind 127.0.0.1
# Save and exit (Ctrl+X > Y > Enter)
# Add 'www' user to redis group
pw usermod www -G redis
# Restart redis service to apply modification
service redis restart

# Configure Redis on Nextcloud
su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis host --value="/var/run/redis/redis.sock"'
su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis port --value=0 --type=integer'
su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.local --value="\OC\Memcache\APCu"'
su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.locking --value="\OC\Memcache\Redis"'
# Restart Apache
service apache24 restart

# Configure CRON jobs
setenv EDITOR nano
crontab -u www -e
# Add the following (assuming it’s blank, if not just add the job). The crontab header describes what each field in the cronjob represents, and is courtesy of squarism.

# minute (0-59),
# |     hour (0-23),
# |     |       day of the month (1-31),
# |     |       |       month of the year (1-12),
# |     |       |       |       day of the week (0-6 with 0=Sunday).
# |     |       |       |       |       commands
  */15      *       *       *       *       /usr/local/bin/php --define apc.enable_cli=1 -f /usr/local/www/nextcloud/cron.php
# Save and Exit (Ctrl + X)

# Test cronjob
su -m www -c '/usr/local/bin/php --define apc.enable_cli=1 -f /usr/local/www/nextcloud/cron.php'

# Install all services autostart
sysrc apache24_enable=yes
sysrc mysql_enable=yes
sysrc redis_enable=yes
sysrc php_fpm_enable=yes

# Exit console and restart Jail
exit
iocage restart nextcloud

Add Duplicati to Nextcloud jail for backup data on cloud

https://www.truenas.com/community/resources/duplicati-running-in-an-iocage.98/

iocage exec nextcloud pkg install -y mono py27-sqlite3 curl ca_root_nss

mkdir /mnt/Volume1/apps/duplicati
iocage fstab -a nextcloud /mnt/Volume1/apps/duplicati /mnt/duplicati_config nullfs rw 0 0

iocage exec nextcloud ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec nextcloud mkdir /usr/local/share/duplicati

iocage exec nextcloud fetch https://github.com/duplicati/duplicati/releases/download/v2.0.6.1-2.0.6.1_beta_2021-05-03/duplicati-2.0.6.1_beta_2021-05-03.zip -o /usr/local/share/duplicati
iocage exec nextcloud unzip /usr/local/share/duplicati/duplicati-2.0.6.1_beta_2021-05-03.zip
iocage exec nextcloud rm /usr/local/share/duplicati/duplicati-2.0.6.1_beta_2021-05-03.zip

iocage exec nextcloud "pw user add duplicati -c duplicati -u 818 -d /nonexistent -s /usr/bin/nologin"
iocage exec nextcloud chown -R duplicati:duplicati /usr/local/share/duplicati /mnt/duplicati_config
iocage exec nextcloud pw groupmod www -m duplicati

iocage exec nextcloud mkdir /usr/local/etc/rc.d

ee /mnt/myVol/iocage/jails/nextcloud/root/usr/local/etc/rc.d/duplicati
CLICK TO SHOW DUPLICATI rc.d

#!/bin/sh

# $FreeBSD$
#
# PROVIDE: duplicati
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# duplicati_enable: Set to YES to enable duplicati
# Default: NO
# duplicati_user: The user account used to run the duplicati daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run as root.
# Default: media
# duplicati_group: The group account used to run the duplicati daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run with group wheel.
# Default: media
# duplicati_data_dir: Directory where duplicati configuration
# data is stored.
# Default: /var/db/duplicati

. /etc/rc.subr
name=duplicati
rcvar=${name}_enable
load_rc_config $name

: ${duplicati_enable:="NO"}
: ${duplicati_user:="duplicati"}
: ${duplicati_group:="duplicati"}
: ${duplicati_data_dir:="/mnt/duplicati_config"}

command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-p ${duplicati_data_dir}/duplicati.pid -f ${procname} /usr/local/share/duplicati/Duplicati.Server.exe --webservice-port=8200 --webservice-interface=any -d ${duplicati_data_dir}"

start_precmd=duplicati_precmd
duplicati_precmd() {
export USER=${duplicati_user}
if [ ! -d ${duplicati_data_dir} ]; then
install -d -o ${duplicati_user} -g ${duplicati_group} ${duplicati_data_dir}
fi

export XDG_CONFIG_HOME=${duplicati_data_dir}
}

run_rc_command "$1"

iocage exec nextcloud chmod u+x /usr/local/etc/rc.d/duplicati
iocage exec nextcloud sysrc "duplicati_enable=YES"
iocage exec nextcloud service duplicati start

Go to http://IP_JAIL:8200 and use default password "duplicati" on first login and change it

Manually install Mono 6.8 (2020-11-08)

Instruction from issue here : https://www.truenas.com/community/threads/fn11-3-iocage-jails-plex-tautulli-sonarr-radarr-lidarr-jackett-transmission-organizr.55502/page-46

iocage console <jail>
pkg update
pkg upgrade
pkg install -y wget libiconv
wget https://github.com/jailmanager/jailmanager.github.io/releases/download/v0.0.1/mono-6.8.0.105.txz
pkg install -y mono-6.8.0.105.txz
rm mono-6.8.0.105.txz

Update to the latest FreeBSD repo (if needed)

iocage console <jail>
mkdir -p /usr/local/etc/pkg/repos
echo -e 'FreeBSD: { url: \"pkg+http://pkg.FreeBSD.org/\${ABI}/latest\" }' > /usr/local/etc/pkg/repos/FreeBSD.conf

Backups

Important files

Backup your entire apps folder

Common Commands

https://www-uxsup.csx.cam.ac.uk/pub/doc/suse/suse9.0/userguide-9.0/ch24s04.html

cd /directorypath	: Change to directory.
chmod [options] mode filename	: Change a file’s permissions.
chown [options] filename :	Change who owns a file.
cp [options] :source destination	: Copy files and directories.
ln -s test symlink	: Creates a symbolic link named symlink that points to the file test
mkdir [options] directory	: Create a new directory.
mv -i myfile yourfile : Move the file from "myfile" to "yourfile". This effectively changes the name of "myfile" to "yourfile".
mv -i /data/myfile :	Move the file from "myfile" from the directory "/data" to the current working directory.
rm [options] directory	: Remove (delete) file(s) and/or directories.
tar [options] filename :	Store and extract files from a tarfile (.tar) or tarball (.tar.gz or .tgz).
touch filename :	Create an empty file with the specified name.

Testing/Updates

iocage exec <jail> pkg version : to see current and available version of installed package
iocage exec <jail> pkg upgrade <name of service> : upgrade to latest version of package
iocage exec <jail> pkg update && pkg upgrade : update sources list and upgrade all installed packages

iocage exec <jail> service <name of service> start
iocage exec <jail> service <name of service> restart
iocage exec <jail> service <name of service> stop

To go to jail's shell from main shell

iocage console <jail>

Get latest FreeBSD iocage version

iocage fetch -r LATEST

Upgrading FreeBSD release version of a Jail

iocage upgrade -r <RELEASE VERSION> <jail>

If upgrading since previous major version (from 11 to 12 for exemple) run this command after upgrade

iocage exec <jail> pkg-static install -f pkg
iocage exec <jail> pkg upgrade -y

If you are stuck with (END) line in the process, type 'q' (enough time to continue process)


Default User Ports/UID/Location

SERVICEPORTUSER (UID)
mysqlmysql (88)
radarr7878radarr (352)
sonarr8989
lidarr8686
jackett9117jackett (818)
organizr80organizr (www)
plexmediaserver32400plex (972)
transmission9091transmission (921)
tautulli8181tautulli (109)
syncthing8384syncthing (983)
deluge8112deluge
duplicati8200duplicati (818)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment